A cybersecurity attack can be devastating to any company, but improving your software supply chain can significantly minimize your risk of being compromised.

With the rapid increase in the adoption and use of Open Source Software (OSS) in modern application development, it is important to perform additional diligence. All of the components of your software supply chain need a thorough inspection. IBM is collaborating in the OSS ecosystem with other industry leaders and key OSS communities to address a broad range of security issues that have developed over time. These issues have appeared gradually, and it will take time to create new security best practices to address these challenges.

One of the many ways that IBM is collaborating with these OSS communities is by being an active member of the Open Source Security Foundation (OpenSSF), an initiative developed and launched by the Linux Foundation.

The OpenSSF describes itself as “… a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.” IBM is one of the founding members of the organization, and Jamie Thomas, General Manager, Systems Strategy and Development at IBM, serves as a Board Chair at the OpenSSF.

IBM Technology Services

Clients can improve their security posture by leveraging several valuable products and services from IBM. IBM Technology Services provide clients with several options, including open source security vulnerability assessments and risk mitigation assistance.

The IBM Technology Services Open Source Software team has capabilities on many popular community and commercial products supporting business digital transformation and application modernization. We can offer a range of services helping clients to design, deploy and optimize open source technologies.

Security is not a linear or finite journey; rather, it is a continuous, evolving process. Clients need to take a proactive role in addressing their security today, as waiting for a threat to materialize can sometimes be too late.

How do we help our clients address their overall security?

We integrate security into all of our client engagements. When providing a client with OSS services, we make sure that the OSS download site is valid and we verify the Software Bill of Materials (SBOM) when it is available, meaning that any download links we provide are verified that they are valid and safe. In addition, we can also perform vulnerability assessments and mitigations for or with a client as a separate service.

By using IBM Technology Lifecycle Services for Open Source Technology Services, clients can be confident that they are benefiting from a worldwide community that is constantly evaluating for the presence of bugs and critical vulnerabilities. Other important features include focusing on integrating DevSecOps as a key element in software development.

To learn more about how we can help you, contact technologyservices@ibm.com.


More from Cloud

IBM Cloud inactive identities: Ideas for automated processing

4 min read - Regular cleanup is part of all account administration and security best practices, not just for cloud environments. In our blog post on identifying inactive identities, we looked at the APIs offered by IBM Cloud Identity and Access Management (IAM) and how to utilize them to obtain details on IAM identities and API keys. Some readers provided feedback and asked on how to proceed and act on identified inactive identities. In response, we are going lay out possible steps to take.…

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…

IBM NS1 Connect: How IBM is delivering network connectivity with premium DNS offerings

4 min read - For most enterprises, how their users access applications and data is an essential part of doing business, and how they service those application and data responses has a direct correlation to revenue generation.    According to We Are Social’s Digital 2023 Global Overview Report, there are 5.19 billion people around the world using the internet in 2023. There’s an imperative need for businesses to trust their networks to deliver meaningful content to address customer needs.  So how responsive is the…